Published on 19/06/2024
Share this Article:
Aston University researcher develops method of making lengthy privacy notices easier to understand
credit: SuPatMaN
  • It has been estimated it would take 76 days per year to fully read privacy notices
  • New method makes notices quicker and easier to understand by converting them into machine-readable formats
  • Team designed a JavaScript Object Notation schema which allowed them to validate, annotate, and manipulate documents.

An Aston University researcher has suggested a more human-friendly way of reading websites’ long-winded privacy notices.

A team led by Dr Vitor Jesus has developed a system of making them quicker and easier to understand by converting them into machine-readable formats. This technique could allow the browser to guide the user through the document with recommendations or highlights of  key points.

Providing privacy information is one of the key requirements of the UK General Data Protection Regulation (GDPR) and the UK Data protection Act but trawling through them can be a tedious manual process. 
In 2012, The Atlantic magazine estimated it would take 76 days per year to diligently read privacy notices. 
Privacy notices let people know what is being done with their data, how it will be kept safe if it’s shared with anyone else and what will happen to it when it’s no longer needed. 

However, the documents are written in non-computer, often legal language, so in the paper Feasibility of Structured, Machine-Readable Privacy Notices Dr Jesus and his team explored the feasibility of representing privacy notices in a machine-readable format. 

Dr Jesus said: “The notices are essential to keep the public informed and data controllers accountable, however they inherit a pragmatism that was designed for different contexts such as software licences or to meet the - perhaps not always necessary - verbose completeness of a legal contract.

“And there are further challenges concerning updates to notices, another requirement by law, and these are often communicated off-band e.g., by email if a user account exists.” 

Between August and September 2022, the team examined the privacy notices of 50 of the UK’s most popular websites, from globally organisation such as google.com to UK sites such as john-lewis.com. They covered a number of areas such as online services, news and fashion to be representative.

The researchers manually identified the notices’ apparent structure and noted commonly-themed sections, then designed a JavaScript Object Notation (JSON) schema which allowed them to validate, annotate, and manipulate documents.

After identifying an overall potential structure, they revisited each notice to convert them into a format that was machine readable but didn’t compromise both legal compliance and the rights of individuals.
Although there has been previous work to tackle the same problem, the Aston University team focused primarily on automating the policies rather than data collection and processing. 

Dr Jesus, who is based at the University’s College of Engineering and Physical Sciences  said: “Our research paper offers a novel approach to the long-standing problem of the interface of humans and online privacy notices. 

“As literature and practice, and even art, for more than a decade have identified, privacy notices are nearly always ignored and ”accepted” with little thought, mostly because it is not practical nor user-friendly to depend on reading a long text simply to access, for example a news website. Nevertheless, privacy notices are a central element in our digital lives, often mandated by law, and with dire, often invisible, consequences.”

The paper was published and won best paper at the International Conference on Behavioural and Social Computing, November 2023, now indexed at IEEE Xplore.

The team are now examining if AI can be used to further speed up the process by providing recommendations to the user, based on past preferences.
 

Notesd to editors

The Atlantic: https://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/

Feasibility of Structured, Machine-Readable Privacy Notices
International Conference on Behavioural and Social Computing November 2023
Date Added to IEEE Xplore: 17 January 2024
DOI: 10.1109/BESC59560.2023.10386763
Authors: Vitor Jesus, Asma Patel, Deepak Kumar Aston University, Birmingham, UK

About Aston University
For over a century, Aston University’s enduring purpose has been to make our world a better place through education, research and innovation, by enabling our students to succeed in work and life, and by supporting our communities to thrive economically, socially and culturally.
Aston University’s history has been intertwined with the history of Birmingham, a remarkable city that once was the heartland of the Industrial Revolution and the manufacturing powerhouse of the world.
Born out of the First Industrial Revolution, Aston University has a proud and distinct heritage dating back to our formation as the School of Metallurgy in 1875, the first UK College of Technology in 1951, gaining university status by Royal Charter in 1966, and becoming The Guardian University of the Year in 2020.
Building on our outstanding past, we are now defining our place and role in the Fourth Industrial Revolution (and beyond) within a rapidly changing world.
For media inquiries in relation to this release, contact Nicola Jones, Press and Communications Manager, on (+44) 7825 342091 or email: n.jones6@aston.ac.uk
 

 

Sue Smith,
Head of Press and Communications

 

Sam Cook,
Press and Communications Manager

 

Nicola Jones,
Press and Communications Manager

 

Helen Tunnicliffe,
Press and Communications Manager

 

Alternatively, email